Researchers have discovered malware circulating in the wild that uses a private signing certificate belonging to the Malaysian government to bypass warnings many operating systems and security software display when end users attempt to run untrusted applications.
The stolen certificate belongs to the Malaysian Agricultural Research and Development Institute, according to Mikko Hypponen, chief research officer of F-Secure, the Finnish security firm that found it was being used to sign malware spread using booby-trapped PDF files. By using the official credential to vouch for the trustworthiness of the malicious application, the attackers were able to suppress warnings Microsoft Windows issues when users attempt to install unsigned applications.
“The malware itself has been spread via malicious PDF files that drop it after exploiting Adobe Reader 8,” Hypponen wrote in a blog post published on Monday. “The malware downloads additional malicious components from a server called worldnewsmagazines.org. Some of those components are also signed, although this time by an entity called www.esuplychain.com.tw.”